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IN THE CLAIMS: 

1-26. (CANCELLED) 

27. (PREVIOUSLY PRESENTED) A method comprising; 

executing an application on a network device, the application having a plurality of 
modules each associated with one or more layers of a hierarchy of communication proto- 
cols; 

storing, in a memory space associated with the application, a connection data 
structure, the connection data structure storing together data for the plurality of modules 
of the application for a connection maintained by the network device; 

forming a unique connection identifier for the connection; 

independently checkpointing portions of the connection data structure for differ- 
ent modules into a memory space associated with a checkpoint server, the portions of the 
connection data structure each being embedded with the unique connection identifier and 
stored separately in the memory space associated with the checkpoint server; and 

in response to a restart or failure of the application executing on the network de- 
vice, restoring the connection data structure in the memory space associated with the ap- 
plication, by retrieving the separately stored portions of the connection data structure for 
at least some of the different modules from the memory space associated with a check- 
point server and combining them to reform the connection data structure in the memory 
space associated with the application. 

28. (PREVIOUSLY PRESENTED) The method of claim 27, wherein the independently 
checkpointing comprises: 

determining for each module of the plurality of modules when the module re- 
quires a checkpoint of the module's portion of the connection data structure; and 
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in response to the determining a particular module requires a checkpoint, check- 
pointing the particular module's portion of the connection data structure into the memory 
space associated with the checkpoint server. 

29. (PREVIOUSLY PRESENTED) The method of claim 27, wherein the independently 
checkpointing comprises: 

determining there has been a state change of the connection; 

and 

in response to the state change, checkpointing at least one particular module's 
portion of the connection data structure into the memory space associated with the check- 
point server. 

30. (PREVIOUSLY PRESENTED) The method of claim 27, wherein the independently 
checkpointing is performed individually by each module, such that each module check- 
points its own portion of the connection data structure, and the retrieving is performed 
individually by each module, such that each module retrieves its own portion of the con- 
nection data structure. 

31. (PREVIOUSLY PRESENTED) The method of claim 27, wherein the application is a 
firewall application and the plurality of modules are modules within the firewall applica- 
tion. 

32. (PREVIOUSLY PRESENTED) The method of claim 27, wherein the forming a 
unique connection identifier for the connection comprises: 

combining a source address and a destination address of a packet associated with 
the connection. 
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1 33. (PREVIOUSLY PRESENTED) The method of claim 27, wherein the plurality of 

2 modules include at least a module associated with Transmission Control Protocol (TCP), 

3 User Datagram Protocol (UDP), or File Transfer Protocol (FTP). 

1 34. (PREVIOUSLY PRESENTED) The method of claim 27 wherein a separate connec- 

2 tion data structure is maintained for each connection of a plurality of connections main- 

3 tained by the network device. 

1 35. (PREVIOUSLY PRESENTED) The method of claim 27, further comprising: 

2 executing the checkpoint server on the network device along with the application, 

3 and wherein the memory space associated with the checkpoint server is memory space 

4 provided by the network device separate from the memory space associated with the ap- 

5 plication. 

1 36. (PREVIOUSLY PRESENTED) The method of claim 27, further comprising: 

2 executing the checkpoint server on a device other than the network device execut- 

3 ing the application. 

1 37. (PREVIOUSLY PRESENTED) An apparatus comprising: 

2 a microprocessor configured to execute an application and a checkpoint server, 

3 the application having a plurality of modules each associated with one or more layers of a 

4 hierarchy of communication protocols; 

5 a memory having a memory space associated with the application and having a 

6 separate memory space associated with the checkpoint server; and 

7 the microprocessor further configured to execute instructions to store a connection 

8 data structure that holds together data for the plurality of modules of the application re- 

9 lated to a particular connection maintained by the apparatus, to form a unique connection 

10 identifier for the connection, to independently checkpoint portions of the connection data 
n structure for different modules into the memory space associated with the checkpoint 
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server where the portions are each embedded with the unique connection identifier yet 
stored separately, and to restore, in response to a restart or failure of the application, the 
connection data structure into the memory space associated with the application, by re- 
trieval of the separately stored portions of the connection data structure for at least some 
of the different modules from the memory space associated with a checkpoint server and 
reassembly of the portions to reform the connection data structure in the memory space 
associated with the application. 

38. (PREVIOUSLY PRESENTED) The apparatus of claim 37, wherein the instructions 
to independently checkpoint comprise instructions to determine for each module of the 
plurality of modules when the module requires a checkpoint of the module's portion of 
the connection data structure and to, in response to determination a particular module re- 
quires a checkpoint, checkpoint the particular module's portion of the connection data 
structure into the memory space associated with the checkpoint server. 

39. (PREVIOUSLY PRESENTED) The apparatus of claim 37, wherein the instructions 
to independently checkpoint comprise instructions to determine there has been a state 
change of the connection, 

and to, in response to the state change, checkpoint at least one particular module's portion 
of the connection data structure into the memory space associated with a checkpoint 
server. 

40. (PREVIOUSLY PRESENTED) The apparatus of claim 37, wherein the application is 
a firewall application and the plurality of modules are modules within the firewall appli- 
cation. 

41. (PREVIOUSLY PRESENTED) The apparatus of claim 37 wherein the instructions to 
form the unique connection identifier for the connection comprise instructions to com- 
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bine a source address and a destination address of a packet associated with the connec- 
tion. 

42. (PREVIOUSLY PRESENTED) The apparatus of claim 37 wherein the plurality of 
modules include at least a module associated with Transmission Control Protocol (TCP), 
User Datagram Protocol (UDP), or File Transfer Protocol (FTP). 

43. (PREVIOUSLY PRESENTED) The apparatus of claim 37 wherein a separate con- 
nection data structure is maintained for each connection of a plurality of connections 
maintained by the apparatus. 

44. (CURRENTLY AMENDED) A system comprising; 

a network device with a microprocessor configured to execute an application, the 
application having a plurality of modules each associated with one or more layers of a 
hierarchy of communication protocols, the network device further configured to store in a 
memory space associated with the application a connection data structure, the connection 
data structure maintaining together data for the plurality of modules of the application for 
a connection maintained by the network device, the network device further configured to 
independently checkpoint portions of the connection data structure for different modules; 
and 

a checkpoint server configured to store in an associated memory space the inde- 
pendently checkpointed portions of the connection data structure, the portions of the con- 
nection data structure each being embedded with a unique connection identifier associ- 
ated with the connection and stored separately in the memory space associated with the 
checkpoint server, the checkpoint server configured to, in response to a restart or failure 
of the application executing on the network device, restore at least a part of the connec- 
tion data structure to the memory space associated with the application, by retrieval of the 
separately- stored portions of the connection data structure for at least some of the differ- 
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ent modules from the memory space associated with a checkpoint server and reassembly 
of the portions to reform the at least a part of the connection data structure in the memory 
space associated with the application. 

45. (PREVIOUSLY PRESENTED) The system of claim 55, wherein the checkpoint 
server is further configured to determine for each module of the plurality of modules 
when the module requires a checkpoint of the module's portion of the connection data 
structure, and to, in response to determination that a particular module requires a check- 
point, checkpoint the particular module's portion of the connection data structure into the 
memory space associated with the checkpoint server. 

46. (PREVIOUSLY PRESENTED) The system of claim 55, wherein the checkpoint 
server is further configured to determine there has been a state change of the connection, 
and in response to the state change, checkpoint at least one particular module's portion of 
the connection data structure into the memory space associated with the checkpoint 
server. 
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